The Silicon Underground

Home » Page 298

Bad news about smartphones, but maybe not all bad

Dave Farquhar security August 15, 2013AES, NSA

When you install Java on a Windows box, it brags that it runs on 3 billion devices. It’s not joking. A fair chunk of those 3 billion devices are the SIM cards that register your cell phone on its network. And those SIM cards frequently are woefully insecure. The mid-90s called, and they want their crypto back.

Via a text message you’ll never see, it’s possible to hack the 56-bit DES encryption used by many cards, or the triple-DES-in-name-only crypto used in others–repeating wimpy 56-bit crypto with the same key three times doesn’t make it any less wimpy–then send the cards a malicious Java applet, which busts out of the security on the ancient version of Java on your card, and ride this cascade of security flaws to do lots of nasty things like listen in on phone calls and intercept text messages.

Even if half of Americans don’t seem to mind the NSA listening to their phone calls, I’m pretty sure a majority of Americans don’t want the Russian Mafia listening to them. Read more

The Sero 7 tablets got cheaper last week and I missed it

Dave Farquhar Android August 13, 2013August 18, 2013android, nexus

Amid competition from newer, faster tablets like the 2013 model Nexus 7, Hisense cut the price of its low-cost 7-inch Android tablets. The low-end Sero 7 now costs $79, and while the reviews on that tablet aren’t all that great, it’s much better than last year’s $79 tablet. The Sero 7 Pro, which I own, now costs $129.

They’re imperfect tablets–the Sero 7 Pro, even with its recent update, still crashes from time to time when I use a keyboard with it–but they were fine for the money at their old prices, and at their new prices, it’s hard to go wrong. I expect that eventually they’ll attract enough third-party development that there will be ROMs available to address their shortcomings.

Go to college, but don’t go broke doing it

Dave Farquhar Saving money August 12, 2013August 11, 2013debts, journalism, Meals, Missouri, mizzou, old windows, Post Dispatch

I saw in this morning’s Post-Dispatch that 25% of student borrowers can’t repay their debts.

I understand why, but it’s preventable. Jim Gallagher’s column has some good advice. I’ll add some more, having recently spent a little time on my old stomping grounds at Mizzou. Read more

No, using an emergency fund to pay off credit card debt isn’t a good idea

Dave Farquhar Saving money August 7, 2013August 6, 2013COBRA

It seems like I’ve been finding a lot of financial questions online lately. I guess that’s good–it means people are thinking. The best question I’ve found this week is whether you should use your emergency fund to pay off credit card debt.

Mathematically, it makes sense to do so. But one thing I remember hearing time and time again as we were paying off massive quantities of debt was not to empty bank accounts in order to do it. The reason for it was simple: Life is unpredictable. Read more

Watch your embedded security

Dave Farquhar security August 5, 2013

If there’s a theme I’ve heard over and over again this year, it’s that it’s time to pay attention to security in embedded devices like routers, other network equipment, televisions, and the other devices around us. This is the soft underbelly, and frankly, it’s probably a time bomb.

The astonishing thing is that we’re now protecting our computers with devices that have bigger security holes than our computers do. Read more

Wget is not a hacking tool

Dave Farquhar security August 1, 2013January 11, 2022prison, Whitelist

The Bradley Manning verdict came out this week, and the less I say about Manning himself the better, but one thing in the press coverage definitely bothered me, and I want to set that straight.

The prosecution attempted to tie him to Julian Assange, saying he coached Manning on the use of “hacking tool wget.”

Wget isn’t a hacking tool. Read more

Not your father’s Celeron

Dave Farquhar Hardware, Linux July 31, 2013July 15, 2017amd, asus, debian, intel, Libre Office, micro atx, Microsoft Office, Open Office, overclocking, passwords, samsung

I picked up a Celeron G1610 CPU last week and I’m using it to build a Linux box. Yeah, it’s a Celeron. But it performs like a 2011-vintage Core i3 or a 2010-vintage Core i5, consumes less power than either, and costs less than $50. It’s hard to go wrong with that. Read more

How many Fortune 25 companies does it take to change a light bulb?

Dave Farquhar Humor/Satire, War Stories July 30, 2013July 29, 2013AIX, compaq, EDS, hp, IBM, irony, unix

I’m working right now for a Fortune 25 company. This story is going to sound like bragging, so I’ll ask forgiveness in advance. Maybe if I mention I’m a contractor, then it’s not bragging quite so bad. Read more

How we learn

Dave Farquhar Uncategorized July 29, 2013July 28, 2013IBM, insulin, Lawn mower, lifehacker, XT

An article on Lifehacker this week explained a lot about how I initially became a computer professional. Its advice was to fly by the seat of your pants, try things without guidance or manuals, not be afraid to fail occasionally, and learn before you go to sleep.

So when I spent many nights in my late teens disassembling and reassembling obsolete IBM PC/XT clones to learn how they worked, I was unwittingly doing all of it right.

Windows NT turns 20

Dave Farquhar Windows July 27, 20131990s, apple, Bill Gates, Steve Jobs, vista, windows 2000, windows nt, Windows XP

The first version of Windows NT, version 3.1 (to coincide with the then-current 16-bit version of Windows) was released 20 years ago today. It was an insanely ambitious effort for Microsoft that took a while to pay off, though it eventually did in spades. Windows NT was what killed off Novell and OS/2 and turned the proprietary operating system market into a duopoly. Although a user running it wouldn’t see much difference between Windows NT and regular Windows except that it didn’t crash nearly as much, it was the first version of Windows that qualifies as a modern operating system, with pre-emptive multitasking and protected memory.